• About InfoGard

  The Company

  • Overview
  • What We Do
  • Credentials
  • Independent Third Party
  • Careers
  • Contact Us

  Clients

  • Our Customers
  • Customer Testimonials

  Management Team

  • Company Management
  • Company Advisors
• Sectors We Serve

  Healthcare IT

  • EHR Testing & Certification
  • ONC-ATCB Certification
  • Hospital EHR Certification
  • Hospital Meaningful Use Incentive Payment Security Risk Analysis
  • Electronic Prescriptions for Controlled Substances (EPCS)
  • HIPAA Security & Privacy Assessments
  • SecureEHR
  • Breach Safe Harbor Certification
  • CalHIPSO
  • Penetration Test Services for Healthcare
  • Healthcare Vulnerability Scan Service
  • Medical Device Validation
  • Services for Security Technology Vendors
  • Healthcare Security and Privacy Offerings

  Federally Mandated Security

  • FIPS 140-2
  • Common Criteria Validation
  • Postal Systems
  • FIPS 201 (NPIVP) Card Command Validation

  Financial Services

  • Hardware Security Module
  • PCI Pin Entry Device Security
  • PCI Approved Scanning Vendor Validation
  • MasterCard PTS
  • Australian Payments Clearing Association
• Problems We Solve

  Problems We Solve

  • Healthcare
  • Smart Card/ID
  • Financial Industry
  • Federal Government

  Security Technology

  • Cryptographic Knowledge
  • Comprehensive Network Assessments
  • System Security Assessments
  • Compliance Assessments
  • FIPS 140-2
• Blog, News, & Events
  • Blog
  • Conferences
  • News
• Resources

  Resources by Sectors

  • Federally Mandated Security
  • Financial Services
  • Healthcare IT

  General Resources

  • Network Security Assessment
  • GSA Schedule
  • FAQ About EHR & HHS Safe Harbor Certification
  • Meaningful Use & Certification
  • About Breach Safe Harbor
  • Useful Links

SecureEHR Services

Home > Healthcare Information Technology > SecureEHR

HHS Safe Harbor from Breach Reporting for HIT Users

In Healthcare, a breach is defined as the loss of Protected Health Information (PHI). If a loss of PHI occurs, it must be reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The graph above shows the recent history of reported breaches affecting 500 or more patients.

Under the Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule, a Breach Safe Harbor relieves Healthcare providers and hospitals from the requirement to report a breach to the HHS OCR. Not only are penalties, fines, and other costs avoided, but also the damaging negative publicity an organization must endure after such an event.

 Breach Safe Harbor requirements were established under the HIPPA/HITECH Breach Notification Rule by the HHS Interim Final Rule (45 CFR Part 160 and 164), which relies on the Federal Information Processing Standard 140-2 (FIPS 140-2) to provide the cryptographic security requirements as the basis of the Breach Safe Harbor.  See the following for details:

• http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf
• http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html

A Breach Safe Harbor is afforded when PHI is protected by EHRs or other Healthcare Information Technology (HIT) products in compliance with specified National Institute of Standards and Technology (NIST) Standards and Guidelines. If you are interested in receiving more information about InfoGard's Breach Safe Harbor services, please call us at 805.783.0810 or use our Contact Form.